I had this problem in 2.4.6 too. Set 'bindmethod' back to 'simple' add:
TLSVerifyClient try|allow|never
to your global section.
The default TLSVerifyClient value (seems to have) changed from 'never' to 'demand' in 2.4.6.
Mark
"Lawrence Strydom" writes:
> Thanks Howard
>
> I updated my config files according to the 2.3 Documentation but I
> still have the same problem. Slapd starts without error on both the
> master and the slave but when it runs syncrepl it complains about the
> sasl interactive bind that fails:
> syncrepl rid=123
> provider=ldap://ldap1.tbiraq.com
> type=refreshAndPersist
> #interval=01:00:00:00
> searchbase="dc=mydomain,dc=com"
> filter="(objectClass=organizationalPerson)"
> scope=sub
> attrs="cn,sn,ou,telephoneNumber,title,l"
> schemachecking=off
> #updatedn="cn=replica,dc=mydomain,dc=com"
> bindmethod=sasl
> #saslmech=digest-md5
> binddn="cn=Administrator,dc=mydomain,dc=com"
> credentials="{ssha}mypassword"
man slapd.conf(5)
bindmethod is either simple or sasl, if your choice is sasl you have to
provide a saslmech and authcid or autzid but not a binddn.
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6